| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110 |
- from django.core.urlresolvers import reverse
- from django.shortcuts import redirect
- from django.template import RequestContext
- from django.utils import timezone
- from django.utils.translation import ugettext as _
- from misago.admin import site
- from misago.csrf.decorators import check_csrf
- from misago.banning.decorators import block_banned
- from misago.forms.layouts import FormLayout
- from misago.messages import Message
- from misago.authn.methods import auth
- from misago.authn.decorators import block_authenticated, block_guest
- from misago.authn.forms import SignInForm
- from misago.authn.methods import AuthException, auth_admin, auth_forum, sign_user_in
- from misago.bruteforce.decorators import block_jammed
- from misago.bruteforce.models import SignInAttempt
- from misago.sessions.models import Token
- from misago.utils import get_random_string
- @block_banned
- @block_authenticated
- @block_jammed
- def signin(request):
- message = request.messages.get_message('security')
- bad_password = False
- not_active = False
- banned_account = False
-
- if request.method == 'POST':
- form = SignInForm(
- request.POST,
- show_remember_me=not request.firewall.admin and request.settings['remember_me_allow'],
- request=request
- )
-
- if form.is_valid():
- try:
- # Configure correct auth and redirect links
- if request.firewall.admin:
- auth_method = auth_admin
- success_redirect = reverse(site.get_admin_index())
- else:
- auth_method = auth_forum
- success_redirect = reverse('index')
-
- # Authenticate user
- user = auth_method(
- request,
- form.cleaned_data['user_email'],
- form.cleaned_data['user_password'],
- )
-
- sign_user_in(request, user)
- remember_me_token = False
-
- if not request.firewall.admin and request.settings['remember_me_allow'] and form.cleaned_data['user_remember_me']:
- remember_me_token = get_random_string(42)
- remember_me = Token(
- id=remember_me_token,
- user=user,
- created=timezone.now(),
- accessed=timezone.now(),
- )
- remember_me.save()
- if remember_me_token:
- request.cookie_jar.set('TOKEN', remember_me_token, True)
- request.messages.set_flash(Message(_("Welcome back, %(username)s!") % {'username': user.username}), 'success', 'security')
- return redirect(success_redirect)
- except AuthException as e:
- message = Message(e.error, 'error')
- bad_password = e.password
- banned_account = e.ban
- not_active = e.activation
-
- # If not in Admin, register failed attempt
- if not request.firewall.admin and e.type == auth.CREDENTIALS:
- SignInAttempt.objects.register_attempt(request.session.get_ip(request))
-
- # Have we jammed our account?
- if SignInAttempt.objects.is_jammed(request.settings, request.session.get_ip(request)):
- request.jam.expires = timezone.now()
- return redirect(reverse('sign_in'))
- else:
- message = Message(form.non_field_errors()[0], 'error')
- else:
- form = SignInForm(
- show_remember_me=not request.firewall.admin and request.settings['remember_me_allow'],
- request=request
- )
- return request.theme.render_to_response('signin.html',
- {
- 'message': message,
- 'bad_password': bad_password,
- 'banned_account': banned_account,
- 'not_active': not_active,
- 'form': FormLayout(form),
- 'hide_signin': True,
- },
- context_instance=RequestContext(request));
- @block_guest
- @check_csrf
- def signout(request):
- user = request.user
- request.session.sign_out(request)
- request.messages.set_flash(Message(_("You have been signed out.")), 'info', 'security')
- if request.firewall.admin:
- return redirect(reverse(site.get_admin_index()))
- return redirect(reverse('index'))
|
